On Wed, Feb 09, 2022 at 09:39:49AM +0100, Michal Privoznik wrote:

In one of recent commits qemuProcessStartFlags enum gained new value: VIR_QEMU_PROCESS_START_RESET_NVRAM but due to a typo it has the same value as another member of the enum. Fix that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_process.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_process.h b/src/qemu/qemu_process.h index f6c0d63d11..f6dd3f5104 100644 --- a/src/qemu/qemu_process.h +++ b/src/qemu/qemu_process.h @@ -79,7 +79,7 @@ typedef enum { VIR_QEMU_PROCESS_START_PRETEND = 1 << 3, VIR_QEMU_PROCESS_START_NEW = 1 << 4, /* internal, new VM is starting */ VIR_QEMU_PROCESS_START_GEN_VMID = 1 << 5, /* Generate a new VMID */ - VIR_QEMU_PROCESS_START_RESET_NVRAM = 1 << 5, /* Re-initialize NVRAM from template */ + VIR_QEMU_PROCESS_START_RESET_NVRAM = 1 << 6, /* Re-initialize NVRAM from template */ } qemuProcessStartFlags;

facepalm. Shame there's no compiler warning for this scenario. Though we do it intentionally in a handful of places, it would be better to warn by default and selectively hide it with a pragma. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On Wed, Feb 09, 2022 at 09:39:50 +0100, Michal Privoznik wrote:

The qemuPrepareNVRAM() function accepts three arguments and the last one being a boolean type. However, when the function is called from qemuProcessPrepareHost() the argument passed is a result of logical and of @flags (unsigned int) and VIR_QEMU_PROCESS_START_RESET_NVRAM value. In theory this is unsafe to do because if the value of the flag is ever changed

I don't think that this is accurate as casting a unsigned int (32bits) to a bool (8 bits) works properly even when the lower 8 bits of the value equal to 0: $ cat bool.c #include <stdint.h> #include <stdio.h> #include <limits.h> #include <stdbool.h> void p(char *s, unsigned long long v, uint8_t u, bool b) { printf("%30s: %30llu: %4u: %d\n", s, v, u, b); } #define E(val) \ p(#val, (val), (val), (val)) #define T(type) \ E(type - 1);\ E(type);\ E(type + 1) int main() { printf("bool size: %u\n", sizeof(bool)); E(0); T(CHAR_MAX); T(UCHAR_MAX); T(UINT8_MAX); T(INT_MAX); T(UINT_MAX); } $ ./a.out bool size: 1 0: 0: 0: 0 0x7f - 1: 126: 126: 1 0x7f: 127: 127: 1 0x7f + 1: 128: 128: 1 (0x7f * 2 + 1) - 1: 254: 254: 1 (0x7f * 2 + 1): 255: 255: 1 (0x7f * 2 + 1) + 1: 256: 0: 1 (255) - 1: 254: 254: 1 (255): 255: 255: 1 (255) + 1: 256: 0: 1 0x7fffffff - 1: 2147483646: 254: 1 0x7fffffff: 2147483647: 255: 1 0x7fffffff + 1: 18446744071562067968: 0: 1 (0x7fffffff * 2U + 1U) - 1: 4294967294: 254: 1 (0x7fffffff * 2U + 1U): 4294967295: 255: 1 (0x7fffffff * 2U + 1U) + 1: 0: 0: 0

then this expression might overflow. Do what we do elsewhere: double negation.

I have no problem with the code change to make it use our common pattern.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 7066696f31..24873f6fb7 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6983,7 +6983,7 @@ qemuProcessPrepareHost(virQEMUDriver *driver, qemuProcessMakeDir(driver, vm, priv->channelTargetDir) < 0) return -1;

- if (qemuPrepareNVRAM(driver, vm, flags & VIR_QEMU_PROCESS_START_RESET_NVRAM) < 0) + if (qemuPrepareNVRAM(driver, vm, !!(flags & VIR_QEMU_PROCESS_START_RESET_NVRAM)) < 0) return -1;

if (vm->def->vsock) { -- 2.34.1